openSUSE Security Update : xen-201004 (openSUSE-SU-2010:0293-1)

Collective Xen 2010/04 Update, containing fixes for the following issues : bnc576832 - pygrub, reiserfs: Fix on-disk structure definition bnc537370 - Xen on SLES 11 does not boot - endless loop in ATA detection bnc561912 - xend leaks memory bnc564750 - Keyboard Caps Lock key works abnormal under...

CentOS 5 : xen (CESA-2009:1472)

Updated xen packages that fix a security issue and multiple bugs are now available for Red Hat Enterprise Linux 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. Xen is an open source virtualization framework. Virtualization allows users to ru...

xen security update

CentOS Errata and Security Advisory CESA-2009:1472 Updated xen packages that fix a security issue and multiple bugs are now available for Red Hat Enterprise Linux 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. Xen is an open source...

RedHat Security Advisory RHSA-2009:1472

The remote host is missing updates announced in advisory RHSA-2009:1472. Xen is an open source virtualization framework. Virtualization allows users to run guest operating systems in virtual machines on top of a host operating system. The pyGrub boot loader did not honor the password option in th...

RedHat Security Advisory RHSA-2009:1472

The remote host is missing updates announced in advisory RHSA-2009:1472. Xen is an open source virtualization framework. Virtualization allows users to run guest operating systems in virtual machines on top of a host operating system. The pyGrub boot loader did not honor the password option in th...

CVE-2009-3525

The pyGrub boot loader in Xen 3.0.3, 3.3.0, and Xen-3.3.1 does not support the password option in grub.conf for para-virtualized guests, which allows attackers with access to the para-virtualized guest console to boot the guest or modify the guest's kernel boot parameters without providing the...

CVE-2009-3525

The pyGrub boot loader in Xen 3.0.3, 3.3.0, and Xen-3.3.1 does not support the password option in grub.conf for para-virtualized guests, which allows attackers with access to the para-virtualized guest console to boot the guest or modify the guest's kernel boot parameters without providing the...

Design/Logic Flaw

The pyGrub boot loader in Xen 3.0.3, 3.3.0, and Xen-3.3.1 does not support the password option in grub.conf for para-virtualized guests, which allows attackers with access to the para-virtualized guest console to boot the guest or modify the guest's kernel boot parameters without providing the...

CVE-2009-3525

CVE-2009-3525 affects Xen pyGrub in Xen 3.0.3, 3.3.0, and Xen-3.3.1, where the password option in grub.conf is not honored for para-virtualized guests. This allows attackers with access to the para-virtualized guest console to boot the guest or alter kernel boot parameters without the expected pa...

CVE-2009-3525

The pyGrub boot loader in Xen 3.0.3, 3.3.0, and Xen-3.3.1 does not support the password option in grub.conf for para-virtualized guests, which allows attackers with access to the para-virtualized guest console to boot the guest or modify the guest's kernel boot parameters without providing the...

Moderate: Red Hat Security Advisory: xen security and bug fix update

Updated xen packages that fix a security issue and multiple bugs are now available for Red Hat Enterprise Linux 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. Xen is an open source virtualization framework. Virtualization allows users to ru...

Xen: PyGrub missing support for password configuration command

The pyGrub boot loader in Xen 3.0.3, 3.3.0, and Xen-3.3.1 does not support the password option in grub.conf for para-virtualized guests, which allows attackers with access to the para-virtualized guest console to boot the guest or modify the guest's kernel boot parameters without providing the...

Xen pygrub本地验证绕过漏洞

Bugraq ID: 36523 Xen是一款用于Linux内核的一种虚拟化技术，允许同时运行多个操作系统。 Xen's PyGrub，当grub.conf以密码保护配置的情况下，在主机启动阶段没有检查密码，可物理接触主机的攻击者，可以利用这个缺陷更改OS启动配置。 XenSource Xen 3.3.1 XenSource Xen 3.3 XenSource Xen 3.0.3 厂商解决方案 用户可参考如下安全公告获得补丁信息： https://bugzilla.redhat.com/showbug.cgi?id=525740...

Xen 3.x - pygrub Local Authentication Bypass

source: https://www.securityfocus.com/bid/36523/info Xen is prone to a local authentication-bypass vulnerability. A local attacker with physical access to an affected host can exploit this issue to bypass authentication and modify the 'grub.conf' file. This may aid in a complete compromise of the...

Mandriva Update for xen MDKSA-2007:203 (xen)

Check for the Version of xen OpenVAS Vulnerability Test Mandriva Update for xen MDKSA-2007:203 xen Authors: System Generated Check Copyright: Copyright c 2009 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the terms ...

Fedora 7 : xen-3.1.0-6.fc7 (2007-2270)

Fixes a security flaw in pygrub handling of config files and a denial-of-service case in ne2k NIC for QEMU. Fixes the case of disappearing network cards in fully-virtualized guests. NB, it only fixes it for guests created after this errata is installed & XenD restarted. Any pre-existing guests ma...

Mandrake Linux Security Advisory : xen (MDKSA-2007:203)

Tavis Ormandy discovered a heap overflow flaw during video-to-video copy operations in the Cirrus VGA extension code that is used in Xen. A malicious local administrator of a guest domain could potentially trigger this flaw and execute arbitrary code outside of the domain CVE-2007-1320. Tavis...

Fedora Core 6 : xen-3.0.3-12.fc6 (2007-713)

Fixes a security flaw in pygrub handling of config files and a denial-of-service case in ne2k NIC for QEMU. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as mu...

xen security update

CentOS Errata and Security Advisory CESA-2007:0323 An updated Xen package to fix multiple security issues is now available for Red Hat Enterprise Linux 5. This update has been rated as having important security impact by the Red Hat Security Response Team. The Xen package contains the tools for...

RHEL 5 : xen (RHSA-2007:0323)

An updated Xen package to fix multiple security issues is now available for Red Hat Enterprise Linux 5. This update has been rated as having important security impact by the Red Hat Security Response Team. The Xen package contains the tools for managing the virtual machine monitor in Red Hat...